ePlaice / For the Best Software on the Net

Mainly Free and Open Source Software


Latest news

01 Oct 2006: Lavasoft have a new look website which clearly shows all the products


Anti-Spyware Software

Adaware

All Marketing Organisations like to know your surfing habits on the net, so that they can target you with tailor made advertising. Some Marketing organisations will be looking at averages and trends where others will be intent on gaining personal information about you so that they can target you directly. They like to be able to prove the effectiveness of campaigns and the ultimate goal for them would be to be able to manipulate your surfing habits so that they can gain sales and increased profits.

Many of the tracking devices that are placed on your computer are fairly benign, but there is always the danger that if you are not aware of what is going on behind the scenes then you are not in control of what is on your computer. On the basis that your computer is your property, there is seldom any reason to allow Ads and Trackers on your computer. The best approach is to stop them at source with a good firewall, but as this is not always possible, a good checker is required. Along with other tools such as Spybot, I have also regularly been using Ad-Aware, since this tends to find some of the tracking cookies that the others leave behind.

AVG Free

If you are already running AVG Free Anti-Virus then I suspect many users will use the new AVG version 8.0, which is now combined with an integrated Anti-Spyware module. The advantage is that when you scan for viruses there is also a check against known spyware, so you do not have to run a separate scan for each. Again, there is also real-time protection against any attempts to run spyware. It's early days yet but certainly worth giving it a try.

PUPs

I got a PUP message the first time I ran AVG and eventually found that this meant I was running a 'Potentially Unwanted Program' - in this case it was Digstream.exe, part of ESPNMotion. As I haven't used this program at all, I decided to let AVG move it to the virus vault and then I uninstalled ESPNMotion. There is also an option to exclude a PUP from the detection scan if you particularly want to continue running the program, but of course you do this at your own risk.

Ad-Aware 2008

I have been using the Ad-Aware SE Personal Edition of the software for about two years, so when the new 2007 version was released I decided to upgrade to the free Ad-Aware 2007 edition (now 2008 version). As previously, there is a chargeable Plus version and a Professional version that provides enhanced control. If you decide to go for the free edition then you will miss out on real-time protection and the ability to schedule a scanning run, and you cannot install any tools or plugins.

Installation

The installation automatically removes the old SE version so if you just want to try it out you will have to go to the trouble of reinstalling the old SE version. However, I would be surprised if the SE version remains supported so unless you really don't like the product, it may be best to stick with it. Before doing a scan make sure you have downloaded the latest definition file using the Update facility which is used for both new definition files and software updates.

Disable AAWSERVICE

If you are using the free version then there is no point in having the Aawservice automatically running in the background even when you are not running Adaware. This is one of my pet hates, so it was off to a bad start. The easiest way to stop this is to set the service to manual by running services.msc. However, you will then find that Adaware restarts the service. So create a .bat file as follows:

@ECHO OFF
REM Start Ad-Aware; the next command runs once it has been closed.
Ad-Aware2008.exe
REM Stop the background service that Ad-Aware restarted.
sc stop aawservice
@echo Done

Then run the bat file whenever you want to run Adaware.

System Scan

The Scan checks for known bad processes, modules, registry keys, registry values, files and folders. So far, I have been fortunate and Ad-Aware has not identified any serious problems, which probably means the Firewall protection and Spybot are stopping them at source. However, it does regularly find tracking cookie files in my Internet Explorer cache. Each item found is scored using a TAC (Threat Assessment Chart) which gives an assessment between 1 and 10 (10 being the highest threat) and also the number of hits that the Spy Company has registered. The help file supplied provides a good source of further information. You can use the update option within Ad-Aware to keep your application updated with currently known threats. If I stick to using Firefox then I have found that Adaware actually finds very little on my system. There are three versions of the scan process: Smart Scan (means quick), Full Scan (takes a long time) and Custom Scan, where you can select files and folders to scan.

Tracking Cookies

Adaware has always been good at finding Tracking Cookies / Data Miners. So you just run the quick scan and out pop a few or more tracking cookies and then let Adaware get rid of them. However, you are probably thinking wouldn't it be a good idea to stop these in the first place and now you can with Internet Explorer 7. In IE7 go to Tools/Internet Options/Privacy and click on the Advanced button and tick 'Override automatic cookie handling'. Then block First Party and Third Party cookie handling and you should never see another cookie flagged up by Adaware. Under the Sites list it is advisable to allow any banking sites you may use and probably microsoft.com to allow manual updates to take place. If you use Firefox then this facility has been available to you for a long time; just go to Tools/Options/Privacy and make sure that the 'Accept cookies from sites' box is not ticked. Then you can set up the sites which you want to accept cookies by entering each website in the exceptions list. If after all this you are still getting cookies showing up on Adaware then you can get the name of the originating website and do a specific block on this website. Both IE7 and Firefox come with a default list of blocked sites.

Removing Objects Found

Ad-Aware then gives you the option of quarantining the items, in which case the threat is removed from your computer, but there is a backup available to allow a restore if that is required at a future date. The other option is to just let Ad-Aware delete the items.

Conclusions

I installed the free version 7.0.1.5 of Adaware 2007 and am now up to version 7.0.2.5. Apart from the adverts for the Plus and Pro versions it seems to work very well at finding data miners and trackers. I was pleased to find that my machine was clean whereas it found quite a few problems (not picked up by Spybot) on another machine. Unlike the old SE version, none of the plugins work with the Free 2007 version. I'm not sure if this is a problem since I never found any use for them during the time I ran the SE version.

Spybot Search & Destroy

Spybot

Spybot has been around for several years and has stood the test of time. It is freeware but they do encourage donations to help with bone marrow transplantations.

These impressions are based on using versions 1.4 through 1.5 of Spybot, which comes with a number of useful tools such as monitoring system start-ups and secure shredding. In addition, you can find a useful little file analyser called FileAlyzer on the Spybot web site.

Search and Destroy

I first ran Spybot in 'Search and Destroy' mode about 6 months ago and I was a bit shocked at the number of items it found and was able to remove even though I had a firewall and virus checker installed. The checking mode is very quick in relation to the sheer number of files it is searching. If it finds a problem then there is an extension to the screen that displays further information about the threat. In addition, spyware threats are colour coded 'red' and usage tracking items are coded 'green'. When you are ready, you can press the 'fix selected problems' button and it will take a System Restore checkpoint and then remove the threat.

Immunization

This is a very nice feature that allows you to take preventive measures against spyware. When you press the 'Immunize' button Spybot will automatically stop all Internet Explorer ActiveX spyware products from running and you can also choose to block bad downloads. Note that currently these features are only relevant to Internet Explorer; blocking ActiveX in, say, Firefox is not a problem because Firefox does not support ActiveX.

Resident Tea Timer

In addition, Spybot contains the Resident TeaTimer, which is completely browser independent. It is a new tool of Spybot which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them, giving you some options for how to deal with this process in the future. You can set TeaTimer to:
- inform you when the process tries to start again
- automatically kill the process
- or generally allow the process to run

There is also an option to delete the file associated with this process. In addition, TeaTimer detects when something wants to change some critical registry keys. TeaTimer can protect you against such changes, again giving you an option: you can either "Allow" or "Deny" the change. As TeaTimer is always running in the background, it takes some resources of about 5 MB.

Currently, there is a small problem with TeaTimer where TeaTimer's snapshot of the registry gets out of sync with the Registry. This can cause the same popup warnings to be repeated. The best way to deal with this is to manually exit out of TeaTimer and restart the process by double-clicking on Teatimer.exe. Hopefully, this will be fixed soon.
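The following is an added illustration, not Spybot's code: a simplified model of a snapshot-based registry watcher showing why a snapshot that is not refreshed after "Allow" repeats the same warning on every poll, and how "Deny" rolls a change back. The class, function names and registry values are constructed for the example.

```python
# Simplified model of a snapshot-based registry watcher; not Spybot's code.
# The "registry" is a plain dict and all key names/values are constructed.
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"


class RegistryWatcher:
    def __init__(self, registry, sync_on_allow=True):
        self.registry = registry            # live values being watched
        self.snapshot = dict(registry)      # last accepted state
        self.sync_on_allow = sync_on_allow  # False models the stale snapshot

    def pending_changes(self):
        """Return (name, old, new) for each value that differs from the snapshot."""
        names = sorted(set(self.snapshot) | set(self.registry))
        return [(n, self.snapshot.get(n), self.registry.get(n)) for n in names
                if self.snapshot.get(n) != self.registry.get(n)]

    def decide(self, name, allow):
        """Apply the user's Allow or Deny answer for one changed value."""
        if allow and not self.sync_on_allow:
            return                          # change accepted, snapshot left stale
        src, dst = ((self.registry, self.snapshot) if allow
                    else (self.snapshot, self.registry))
        if name in src:
            dst[name] = src[name]           # Allow: snapshot follows; Deny: roll back
        else:
            dst.pop(name, None)             # value did not exist on the source side


def alerts_per_poll(sync_on_allow, polls=3):
    """Add one autostart entry, answer Allow each time, count alerts per poll."""
    registry = {RUN + r"\Firewall": r"C:\Program Files\fw\fw.exe"}
    watcher = RegistryWatcher(registry, sync_on_allow)
    registry[RUN + r"\Updater"] = r"C:\Program Files\app\update.exe"
    counts = []
    for _ in range(polls):
        changes = watcher.pending_changes()
        counts.append(len(changes))
        for name, _old, _new in changes:
            watcher.decide(name, allow=True)
    return counts


def deny_removes_new_entry():
    """Deny must delete a value that is absent from the snapshot."""
    watcher = RegistryWatcher({})
    watcher.registry[RUN + r"\Dropper"] = r"C:\Temp\x.exe"
    watcher.decide(RUN + r"\Dropper", allow=False)
    return watcher.registry == {} and watcher.pending_changes() == []
```

With a synced snapshot the alert appears once; with the stale snapshot it reappears on every poll until the watcher is restarted and takes a fresh snapshot.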

Maintaining Protection

Of course, in order to keep the protection going you should ensure that you have the latest configuration files loaded. Normally, these are released every 7 to 10 days and all you need to do is press the 'Update' button. Currently, Spybot runs about 27,000 checks during the spyware scan.

Tools

For advanced users Spybot comes with a set of tools such as Reports, Resident download blocker, Active X blocker, Known Bad Site blocker, Internet Explorer tweaks and more.

Rootkit Revealer

No defence against spyware is complete without a tool for discovering rootkits, which, without getting too technical, allow malware to hide on your machine without triggering the spyware checker. The one from SysInternals seems to be among the best; it's free and is the one I use. Just one note: with the latest version 1.7.1 there are a couple of false positives - have a look at the forum. Also make sure you don't have any activity on the machine while this runs, otherwise its before and after images will be different because you made a change. Read the manual!

Overall Conclusions

Each of these applications has areas of different expertise. Adaware seems to be particularly good at finding Tracking Cookies. I like the additional tools in Spybot and the scan is very quick, although I have never really liked the Resident process. As for the Agnitum product, it just seems to run in the background blocking out all the other anti-spyware tools. As for the effectiveness of any of these tools I cannot really say, except you can spend an awful lot of time running these tools.